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IN THE CLAIMS: 

Set forth below in ascending order, with status identifiers, is a complete listing of all 
claims currently under examination. Changes to any amended claims are indicated by 
strikethrough and underlining. This listing also reflects any cancellation and/or addition of 
claims. 

What is claimed is: 

1. (currently amended) A method of using a firewall local to a host computer to prevent 
spoofing of an address resolution cache of a the host computer station , the method comprising: 

said firewall receiving an unsolicited message from a network that submits a new address 
resolution for a network protocol address; 

said firewall checking independently cached address resolution information associated 
with the host computer station ; 

in response to determining that cached address resolution information for said network 
protocol address has an old address resolution which differs from said new address resolution, 
said firewall issuing a request for network elements having said network protocol address to 
reply with address resolution information in order to check the authenticity of the unsolici ed 
message submitting the new address resolution for the network protocol address ; 

in response to determining that no reply messages confirm that a network element has 
said old address resolution, said firewall permitting at least one message to pass onto said host 
computer station which includes said new address resolution; and 

in response to receiving a reply message that confirms a network element has said old 
address resolution, said firewall blocking at least one message which include said new address 
resolution from passing onto said host computer station ; 

wherein said firewall protects said host computer station from spoofed address resolution 
messages. 

2. (original) The method of claim 1, wherein said network implements a LAN network 
running Internet Protocol Version 4 using the Address Resolution Protocol (ARP) for resolving 
medium access control (MAC) addresses, and said address resolution cache is an ARP cache 
mapping IPv4 addresses to MAC addresses. 
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3. (original) The method of claim 1, wherein said network implements Internet Protocol 
Version 6 (IPv6) with Neighbor Discovery for resolving MAC addresses, and said address 
resolution cache is a Neighbor Discovery cache for mapping IPv6 addresses to MAC addresses. 

4. (currently amended) A method of using a firewall local to a host computer station to 
prevent spoofing of an address resolution cache of the host computer station , the method 
comprising: 

said firewall maintaining a shadow copy of said address resolution cache; 

said firewall receiving an unsolicited message from a network that submits a new address 
resolution for a network protocol address; 

said firewall checking said shadow copy of said address resolution cache; 

in response to determining that cached address resolution information for said network 
protocol address has an old address resolution which differs from said new address resolution, 
said firewall issuing a request for network elements having said network protocol address to 
reply with address resolution information in order to check the authenticity of the unsolicited 
message -.uh mitting the new address resolution for the network protocol address ; 

in response to determining that no reply messages confirm that a network element has 
said old address resolution, said firewall permitting an update of said address resolution cache to 
have said new address resolution; and 

in response to receiving a reply message that confirms a network element has said old 
address resolution, said firewall blocking an update of said address resolution cache to have said 
new address resolution; 

wherein the validity of an unsolicited address resolution is checked by said firewall 
before permitting an update of said address resolution cache of said host computer station . 

5. (original) The method of claim 4, wherein said network implements a LAN network 
running Internet Protocol Version 4 using the Address Resolution Protocol (ARP) for resolving 
medium access control (MAC) addresses, and said address resolution cache is an ARP cache 
mapping IPv4 addresses to MAC addresses. 
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6. (original) The method of claim 4, wherein said network implements Internet Protocol 
Version 6 (IPv6) with Neighbor Discovery for resolving MAC addresses, and said address 
resolution cache is a Neighbor Discovery cache for mapping IPv6 addresses to MAC addresses. 

7. (original) The method of claim 4, wherein said permitting said update of said address 
resolution cache comprises: 

permitting a message having said new address resolution to pass onto a host computer. 

8. (currently amended) The method of claim 4, wherein said blocking said update of said 
old address resolution comprises: 

blocking at least one message having said new address resolution from passing onto a 
host computer station . 

9. (currently amended) The method of claim 4, wherein said maintaining said shadow copy 
comprises: storing cache entries with a residency lifetime greater than in said address resolution 
cache of said host computer station . 

10. (currently amended) A firewall local to a host computer station for preventing spoofing 
of an address resolution cache of the computer station , the firewall comprising: 

a state machine adapted to check independently cached address resolution information in 
response to receiving an unsolicited address resolution response message directed to said host 
computer station including a submitted new address resolution for a network protocol address; 

said state machine generating a request for network elements to report an address 
resolution for said network protocol address in response to determining that said address 
resolution of said unsolicited message differs from a previously cached address resolution for 
said network protocol address in order to check the authenticity of the unsolicited address 
resolution message submitting the new address resolution for the network protocol address ; 

said state machine permitting an update of cached address resolution information to 
include said submitted address resolution in response to determining that no address resolution 
reply messages have said previously cached address resolution for said network protocol address; 
and 
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said state machine blocking an update of cached address resolution information of said 
address resolution cache of said host computer station to include said submitted address 
resolution for said network protocol address in response to determining a reply message has said 
previously cached address resolution. 

11. (original) The firewall of claim 10, further comprising: a shadow copy of said address 
resolution cache, wherein said state machine is adapted to check said shadow copy for cached 
address resolution information. 

12. (original) The firewall of claim 11, wherein cache entries in said shadow copy have a 
residency lifetime greater than corresponding entries of said address resolution cache. 

13. (original) The firewall of claim 10, wherein said address resolution cache is an ARP 
cache. 

14. (original) The firewall of claim 10, wherein said address resolution cache is a Neighbor 
Discovery cache. 

15. (new) The firewall of claim 10, wherein the firewall is resident on the host computer 
station. 

16. (new). The firewall of claim 10, wherein the firewall is resident on a chipset associated 
with a host computer station. 

17. (new) The method of claim 1, wherein the firewall is resident on the host computer 
station. 

18. (new). The method of claim 1, wherein the firewall is resident on a chipset associated 
with the host computer station. 
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19. (new) The method of claim 4, wherein the firewall is resident on the host computer 
station. 

20. (new). The method of claim 4, wherein the firewall is resident on a chipset associated 
with the host computer station. 
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